Pony Botnet Virus Steals $220k from 30 Types of Digital Wallets

Published on by Coindesk | Published on

Feb 24, 2014 at 11:03 p.m. UTCUpdated Sep 10, 2014 at 10:59 a.m. UTC. In what is being called one of the most ambitious cyberattacks affecting virtual currency to date, Chicago-based IT security services provider Trustwave has revealed that a crybercrime ring known as Pony botnet is using a Trojan virus to steal from 30 types of digital currency wallets.

Trustwave researchers found that credentials for approximately 700,000 digital wallet, email and desktop accounts have been compromised, and that up to $220,000 had been stolen from 85 digital currency wallets as of the time of writing.

Ziv Mador, director of security research at Trustwave, told CoinDesk that consumer and merchant wallets were both affected, and that bitcoins, litecoins, primecoins and feathercoins had been stolen in the attack.

"The new thing about this complaint is that it was widely spread. The Pony malware affected hundreds of thousands of machines and scanned for digital wallets from 30 virtual currencies on those computers."

The $220,000 total represents the maximum amount stolen, as once cybercriminals have obtained a user's wallet.

Trustwave provides a full list of the affected currencies, as well as charts that detail the coordinated efforts of Pony botnet's attacks in its blog post.

Stolen passwords across all affected digital assets - not just digital currency wallets - were most commonly retrieved from consumers in Germany, Poland and Italy, with roughly 50% of stolen passwords originating in these locations.

Trustwave noted that Pony botnet likely found virtual wallets attractive, given their inherent qualities that provide for irreversible transactions, and the ease with which the currencies can be exchanged for fiat.

"If they use that option and encrypt their wallets with a strong key, then they should be fine, even if the malware were to infect the digital wallet, the botnet would not be able to generate transactions from that wallet."

Those who believe their wallet may have been compromised by the attack can use a free tool provided by Trustwave that searches for affected wallets by public keys.